Fake Google Chrome Update deliver crypto stealing malware

[BABY SHOES]

I am a long time Chrome user but when updating then from the browser directly in Help -> About Google Chrome then it automatically updates itself.

I got news maybe this is almost similar where a Chinese citizen lost $1 million from hijacking a browser plugin that resulted in stealing cookies in the browser.

So now there are many loopholes, I am now vigilant and never store assets in the browser extension wallet because this could cause vulnerabilities.

Source:
[1]. https://x.com/GoPlusSecWareX/status/1797597506748219614

[lovesmayfamilis]

Actually i think that's a good recommendation Firefox is a good application for browsing and is highly recommended by most of the users, this is why most people prefer using Firefox instead of using Chrome. However Firefox was introduced in 2004 and they gain more popularity within a year, before the adoption of Google Chrome in 2008. However from my investigations i have come to realize that Google Chrome has gain more popularity over Firefox, this is why scammers are using them to attack people because they know that Google Chrome has gain a lot of users in their application.

Don't you read all the posts above? In fact, NotATether gave the most needed answer on this topic. It doesn’t matter which browser you want to update; it doesn’t matter which program will beg you to update; the important thing is that Windows allows automatic installation and unpacking of archives without the user’s permission. When working with Linux, you install the necessary sources for updates, and updates occur only from authorized sources, which to some extent protects the user.

[moneystery]

chatgpt-app[.]cloud site contains a download link to a Zip archive called ‘Update.zip’

And once the you have executed the zip file, it will download the payload to your system and then the code will look for the following string in your machine, like *Bitcoin, *Binance and almost everything related to crypto.

and therefore always make sure that your device has antivirus installed and always check whether the domain you are visiting is correct, not a fake website. because there have been many cases like this where some websites disguise themselves as the original website by using domains such as .app .cloud, etc., and user devices can be vulnerable if they do not pay attention to things like this. moreover, google on its site often advertises fake websites like this which often mislead users, and therefore always make sure that the website you are visiting is genuine.

[Porfirii]

Just one more good reason to stop using Chrome. Efficiency is important for scammers, so they will prefer to focus on the leading OS, browsers, etc. to direct their attacks. Mainstream is not a guarantee of safety here...

This has nothing to do with Google and they could just as well go after Firefox on Windows users too.

The problem here is on Windows, there is no way you can verify that a program is signed by the entity it claims to be made by. At least Linux has PGP signatures and MacOS has Gatekeeper, but on Windows you can easily buy a code signing cert for $100 and impersonate any company you want and that is the end of the matter.

And the thing is that 80% of us could still be using Windows as our OS, that's why many are still getting malwares and other trojans that steals our crypto holding. I really don't know why people are still into Windows, might be better to try other flavor of Unix or at least MacOS.

If we can hold thousands of dollars then why not invest on a good machine not using Windows? Really baffles me and then crypto users bitch around when they got hack because they didn't take care of their OS security.

I know that what I'm about to mention is the exception, not the rule, but I have recently learned about the XZ Utils backdoor incident which was fortunately frustrated in the very last minute by pure chance (ironically thanks to a Microsoft worker), and which would've compromised hundreds of millions of computers worlwide that run SSH.

We have become accustomed to repeating ad nauseam that Linux or at least MacOS are safer, and in most ways they are, but at the same time the mentioned incident "could have been the most widespread and effective backdoor ever planted in any software product".

[Nwada001]

and therefore always make sure that your device has antivirus installed and always check whether the domain you are visiting is correct, not a fake website. because there have been many cases like this where some websites disguise themselves as the original website by using domains such as .app .cloud, etc., and user devices can be vulnerable if they do not pay attention to things like this. moreover, google on its site often advertises fake websites like this which often mislead users, and therefore always make sure that the website you are visiting is genuine.

I will agree with you on the side of checking the domain to make sure that the person is on the right one, but you see, putting your trust in antivirus is a risky one, I must say, as there are a lot of anti-viruses that are even carriers, so the best way to protect yourself is to be your own personal security, avoid clicking on things you don't understand online, and like I said above, don't put all your trust in your antivirus. There is some malicious malware that your antivirus might not be able to detect, and it will cause great damage to your gadget.

[Lucius]

I brought this discussion to the local forum as well. Indeed, all hackers that I understand take advantage of user weaknesses. So the best we can do to prevent, some suggestions when discussing in local forums could be maybe using AdBlock, premium VPN, or DNS settings.
~snip~

How will a VPN or an alternative DNS help you not to install a fake update? The only thing that makes sense is that you might be able to avoid an attack that is geolocated, but also by using a VPN, you can be shown ads that you otherwise wouldn't be able to see with your IP address.

Don't you read all the posts above? In fact, NotATether gave the most needed answer on this topic. It doesn’t matter which browser you want to update; it doesn’t matter which program will beg you to update; the important thing is that Windows allows automatic installation and unpacking of archives without the user’s permission. When working with Linux, you install the necessary sources for updates, and updates occur only from authorized sources, which to some extent protects the user.

When we talk about browsers, each one has (or should have) options for downloading files in its settings, and in these settings you can set whether you want the browser to ask you for permission for every download or whether you want that process to be automatic. It has never happened to me that Windows did something by itself.

[KiaKia]

I use chrome and other browsers on my PC, if any brings update outside the browser it's likely a scam, even uodate. Zip should raise eyebrows, my advice is people should stop surfing the web anyhow, you will eventually stumble on some fake ads and the only thing stopping you is you not believing in the add or you believing in the ads, I am very used to random ads tellling me to update some software or browser, they are all fakes.

This is more dangerous for new PC users, the chances that they can click on any link they found is very high, for such individuals I won't advice them to even run any cryoto wallets on their PC, for hacking softwares to penetrate into your PC, the user still need to give access, it is always us, so it is better to run your crypto wallet elsewhere.

I can tell the difference from a popup anything asking for some access on my PC, but still I choose to run my crypto wallets far away from my PC, if I am a newbie I would have fallen because I will believe almost everything that I see on my PC, today I don't have to worry anymore, I have a hardware wallet and everything I do on my PC won't favour any scams and hacks, that is even if they managed to infect my PC.

[Mate2237]

Chrome and  every other website I have used updates themselves automatically every time. I always get a message that my device has been recently updated with the new features, never a "your device needs update message".

Everyone should stay vigilant and never keep their funds on an exchange or on a device they use often. Invest in a hardware wallet.

- Jay -

Exactly and even if they didn't update automatically they would give you a notification to update he apps and not people sending to update the apps. Scammers are always bringing new methods to scam people and those who are not smart fall for it and this who are smart and wise escape from the trap always. The Internet is a place of making money and the same time scammers full the internet so when you online be wise and smart if not they scammer.

Everyday they come with new technic so we have to know their new technic deal with them.

[Marykeller]

Delicate information like this needs to be shared with everyone so that people will take note of this, and not fall victim to it, while they think, they are updating their Chrome because it appeared on the screen of their laptop, they are updating a fake Google Chrome malware meant to steal their crypto assets.

This is truly a bad move by the crypto hackers. They know how the Chrome browser is mostly used by many. I just wish everyone would stay vigilant about this, and never update their Chrome browser to a fake one, thinking that they updated the main Chrome browser

[Belarge]

Exactly and even if they didn't update automatically they would give you a notification to update he apps and not people sending to update the apps. Scammers are always bringing new methods to scam people and those who are not smart fall for it and this who are smart and wise escape from the trap always. The Internet is a place of making money and the same time scammers full the internet so when you online be wise and smart if not they scammer.

Everyday they come with new technic so we have to know their new technic deal with them.

Chrome? It's important to keep updates on our phone apps because nowhere is safe anymore. We come with the intention of making substantial profits in the space but we should always take our time to ensure we're on the right lane because any slight mistakes will always attracts losses on our ends. Scammers never gets tired and they don't give up. I know how important it is for them to lure people and scammed them of their hard earn money.

[bullkk]

For me, such a development of events with the theft of cryptocurrency and not only, in the browser Chrome is news. Two-factor authorization must be mandatory!

[johnsaributua]

The large number of google chrome users makes people who are smart but have no manners try their knowledge! Thieves who are willing to learn for a harmful action. I myself rarely use zip extraction / other raw folders. To update google chrome always click the 3 dots on the top right in the home browser =>about google chrome => check the version currently in use. It is too risky to allow such things on the desktop because of the deceptive wrapper of the content. Hopefully the affected people will not expand and be more vigilant, I realise the role of the browser is very important like a window that can go anywhere, but can be infiltrated around guarded access. And if there is any update via email I do not trust it unless it is just a notification, and access it on the official website for further action.